Roger Entner, telecommunications expert and founder of Recon Analytics, was slated to be part of the expert panel for AEI’s May 29 event, “International economics and securing next-generation 5G wireless networks: A conversation with Amb. Robert Strayer.” He was unfortunately unable to join, but my colleague Claude Barfield and I were able to interview him last week to gain his perspective on safeguarding next-generation 5G networks, the 5G supply chain, software-defined networking, questions on Huawei, and the economic prosperity promised by the next generation of wireless networks. The following is an edited transcript of our conversation with Entner.

The logo for Huawei is pictured at the ITU Telecom World in Geneva, Switzerland – via REUTERS

Shane Tews: What will be the impact of 5G wireless technology on economic growth and innovation?

Roger Entner: 5G wireless is a transformatory technology that opens up a lot more new possibilities than 4G. 4G was just faster than its predecessors, and look at what the App economy did for the economy. 5G will bring you edge computing; it will bring you extremely low latency. Autonomous cars, augmented reality — all of these things become possible. Your whole device universe will change because the computing that happens on your device will move from your device and to the cloud. Your device will get simultaneously dumber and smarter, because the computing moves from your device to the cloud — so more computing, lighter, less heat, less everything, and a tremendous amount of innovation. We don’t know yet how this will play out when you basically have only a little device that is attached to a supercomputer data center in the background.

Shane Tews: Can you elaborate on how devices will become both smarter and dumber at the same time as a result of 5G?

Roger Entner: If the device has no connection, it becomes dumber because it’s less powerful — because all the computing capabilities will move to the cloud. When the device connects to that data center in the cloud, you can do all the computation there. So instead of having one processor in your phone, you have hundreds and thousands of processors through the cloud computing network that can do all of the work that your phone currently does, just 100 to 1,000 times faster. And with that, you don’t need the same capabilities on your phone anymore because you’re outsourcing it to the cloud.

Claude Barfield: What are the security implications of moving everything to the cloud?And how are things more difficult, or less, or the same as for 4G from a security perspective?

Roger Entner: This raises the importance of the security issue even higher because things that were typically done securely on your device are now being done in the cloud. If the infrastructure that is used to transmit the information from your phone to the cloud — being computed there and sent back to your phone — is compromised, then even private things that typically didn’t leave your phone become accessible to eavesdroppers in the cloud. The idea of “What’s on your device stays on your device,” is no longer true. This makes it even more important that you have to trust your network provider and your network equipment provider with security, because the delineation between device and network becomes extremely blurry.

Claude Barfield: If 5G is going to be rolled out sooner rather than later, what’s the worry about Huawei and the base equipment?

Roger Entner: The issue is that Huawei, and whomever they give access to, can listen in to your conversations, can tap the communications. But most people think that this is just about the emails you’re sending or the websites you’re going to. But it’s going one step further, when the device and the network are blurred together. It’s access to everything on your phone. Whatever you do on your phone basically also resides in the cloud for maximum convenience.

Claude Barfield: What would Huawei, or the Chinese government through Huawei, actually do if they wanted to compromise 5G networks, or devices, or put in malware somewhere? Would they go to the cloud?

Roger Entner: The whole value chain is from the device — network equipment to the cloud services. The major concern is that in 5G, because the equipment also becomes virtualized and is optimized on cloud infrastructure, means Huawei doesn’t need the backdoor because it’s in the front door all the time. And under Chinese law it has to share all the passwords and logins to every network that it has access to with the Chinese state security. They don’t need a backdoor. They come in the front door. “Oh, let me use this password and let me use that identity,” and that might not even be a Huawei identity. It might be the identity of a network engineer at the carrier that they have equipment at, because they also have those passwords. They would have access to everything.

Claude Barfield: Well, at the moment, what is the distinction that the Europeans are making, if I understand it, that they will keep Huawei out of the critical equipment but that they will let Huawei into the peripherals, the base stations and antenna, etc.? Is that valid?

Roger Entner: In a traditional sense, you have antennas connected to a base station connected to the core network — and they are distinct equipment. There is a delineation between these elements where you can then put security measures. In a 5G world, the base station becomes software and moves into the core. It’s just another app. A good parallel would be what used to be your typewriter is becoming your Word application, and it resides in the core of the network. The physical distinction that allows you currently to insert security between hardware components goes away. Everything becomes software. The telecom network becomes like your PC with software and constant software updates to keep it current.

Shane Tews: You’re saying it’s omnipresent? That I’m no longer worried about the physical equipment where the information is flowing through and being captured by a device that’s on a hardware device, hence no need for the backdoor? You’re saying that once this is software-driven, it’s similar to an iOS update on your phone? That the company providing the software update could introduce a bug or some device that captures every bit and byte that goes across your device?

Roger Entner: Correct. What the Europeans are saying and their ideas around security are an increasingly outdated way of doing wireless. It’s the last days of dinosaurs where you have distinct network equipment. The simple efficiency gains that you get through software-defined networking, by making everything software, are significant. And that allows us to provide you with cheaper, better, faster communications but also raises that security issue.

Claude Barfield: So when GCHQ goes along with the statement that we can manage the risk from Huawei, and they’re doing so with this distinction that the Europeans keep using, then that’s really a false security, is that correct? So why is GCHQ going along with it?

Roger Entner: I don’t know why GCHQ is going along with it. On a hardware basis, they can manage the security, but that is an increasingly outdated model. Today, for AT&T, more than half of their network has been virtualized. Yes, they’re leading the charge. The Europeans are late when it comes to software-defined networking, but they will catch up. And in the new world of 5G, with virtualization, you can’t manage security in the same way anymore. So they are very deliberate in how they word it in a 4G world and with a 4G mindset.

I think a very good example is Kaspersky, right? Kaspersky, founded by Eugene Kaspersky, former Russian military, built this ubiquitous, excellent antivirus application. He swore up and down that he didn’t cooperate with Russian intelligence, and everybody believed him, despite the Russian laws that require Kaspersky to cooperate with Russian intelligence. Then Israeli intelligence hacked into Kaspersky. The Israelis found that the Kaspersky antivirus has access to all the files on your computer, it can pull files off your computer, and were transferring it, analyzing it, and sending a copy to the Russian intelligence services. We never would have known unless the Israelis had hacked into it. It’s the same thing with 5G and Huawei; you can just change the names and put in there a former People’s Liberation Army officer, and China instead of Russia. The parallels are striking. The fundamental question is, do you trust that party or not? Both Kaspersky and Huawei are subject to countries that are not our allies. I would rather trust allies than non-allies.

Claude Barfield: So I take it from what you said that one might disagree with the way the British are going about it, but the United States is right in warning not just our trading partners but also our security partners about the security implications of 5G. And excluding Huawei even from being a vendor is important.

Roger Entner: Absolutely. Yes, because it’s like you’re sleeping with the enemy. You have to be careful with who you get in bed with when it comes to national security. If your strategic rivals are your network partners, one scenario is they just listen. But another one is that they can just turn the network off, and your entire country comes to a crashing halt when communications is disrupted. Imagine the US communications network going completely down — blackout situation — and it’s not coming on again. You would need to rebuild that whole network. It would take years.

Claude Barfield: Right. To go back to the virtual versus the baseline equipment, we now have in effect Huawei, Ericsson, and Nokia, with Samsung really pushing hard to get into it. In the future, we’re moving to the software becoming much more important. Are there other companies who are not involved in hardware now that will come back into it and create more competition? So you’re not going to be dependent on just Huawei, Ericsson, and Nokia.

Roger Entner: Correct, because the barrier to entry is much lower if you only have to do software than if you also have to manufacture equipment. Hardware engineering is a lot more difficult. A big drive in all of this is to commoditize hardware and differentiate software. So for example, there’s an initiative to create an open radio access network, which would mean there are no-name antennas that you can put software on. And depending on the software, the antennas work differently. It’s a transformation of the whole carrier-vendor relationship.

Claude Barfield: That goes back, again, to the Europeans. The Europeans say, and as a matter of fact one of the other panelists in our session last week said, if there is Huawei equipment in a 4G network, it would be a huge cost to replace it. But it’s also technologically complicated because if you’ve got one kind of equipment, it’s really tough to extricate yourself later. But from what we have been talking about, it seems to me that that may be something that the Europeans can finesse in some way.

Roger Entner: Not really. We are seeing already at Vodafone and British Telecom in the UK, and Vodafone and O2, which is Telefonica’s network in Germany, that they’re replacing their 4G Huawei core network components with those of Nokia and Ericsson. When we look at it, de facto the only holdout right now that is clinging to Huawei equipment in the core is Deutsche Telekom.

Claude Barfield: But for all of them, the hardware’s not going to be as important. It sounds to me — and correct me if I’m wrong — that a lot of the debate is about kind of an obsolete view of where things are. So both on the American side and on the European side, why are we arguing about Huawei and hardware?

Roger Entner: Because people can imagine boxes. They can’t imagine software, because we can’t put our mind around it. Everybody can imagine a box, a base station, or an antenna, but what does Word or Excel look like? It’s like downloading a free program from the internet that does miraculous things. It might have malware attached to it, and you wouldn’t even know it. And then somebody could take over your computer because it’s a Trojan.

Shane Tews: To get to the physical, sometimes it helps to have a visual aid, such as when Eisenhower was building the interstate highway system. So you think of 4G and below as rural highways and the route system, and then they came and overlaid on top with the highway system. And it’s great as long as you can stay on it, but occasionally you get pushed off of it onto the old highways, and that’s when you’d be pushed back to 4G, and that’s when that matters. So there’s already Huawei equipment in the 4G, which is hardware. And as we move into this next generation, we will be migrating off of it, but they’re running in parallel, the same way that we have old route systems that are run by the state of Virginia as opposed to the interstate system which has the federal overlay. That gives you an idea of the physical implementation. Every once in a while you’re going to get rerouted onto a lower level network, and it happens a lot when you’re not in the United States or when you’re in rural areas. So there’s still that level of connectivity even as we go to a more software-based system. Eventually, it will completely evolve, but it’s going to take some time.

Roger Entner: Yes, but you can manage the security on the 4G side. You can’t manage it anymore on the 5G side when you go to software. It is the fundamental strength and weakness of virtualization. The base station and the antenna are like the arms, and the core is the brain. And if the brain is controlled by Huawei, you really must trust your core network provider. Whenever there’s a generational shift in network equipment, the competitive mix, both in carriers and among vendors, is being reshuffled because the existing equipment is less important. And compatibility is important. Now we know that Ericsson, Samsung, and Nokia equipment works very well with everybody else’s equipment. When you have a Huawei core it works less well with that of their competitors.

Claude Barfield: Looking around the world now, in the next couple of years as the initial 5G is rolled out, Huawei’s still likely to be dominant in places like Africa, South America, and Southeast Asia, is it not? And there’s nothing to stop that right now, right?

Roger Entner: Yes. Absolutely. There’s no way to stop it, because a lot of countries are highly resource-constrained, and they will pick the lowest-priced vendor. And that is, in many cases, Huawei. And Huawei equipment is good, but if it’s too good to be true, it might not be. We saw this with the African Union building in Addis Ababa, which was built by the Chinese government. They put in Huawei equipment, and a few years later, the African leaders got suspicious and asked the French to go through the building and make an audit of the equipment. The French found bugs and eavesdropping equipment, and the building’s telecommunications equipment reported back to China. It’s very generous of the Chinese government to donate that to the African Union, but at the same time, Beijing knew as well as the folks in Addis Ababa what was going on at the African Union, because they had full access to everything. We don’t want that.

Shane Tews: The other thing is that there’s always an expected kickback in those countries that they’re not going to get, most likely, from the Nordic equipment manufacturers or a US company because it’s like going back to the future. It’s what the Russians used to offer to the Eastern Bloc telecommunications ministries in the 1980s. They always had two lines out of every telecommunications portal. One went to the local government, and the other one went directly back to Moscow. So it’s just a new version of a very old spy game that’s been going on forever, ever since there was telephony.

Roger Entner: Yes. So there is precedent where Chinese equipment was being used to spy on others. It’s not like the US has a monopoly on it and is the only one who spies. Everybody spies on everybody. The question is just how easy you want to make it for your opponents to spy on you.

Claude Barfield: Yes, and I suspect that, despite what happened in the African Union, it’s not stopping other countries in Africa. Maybe not building a building, but they’re still going ahead with Huawei equipment.

Roger Entner: Yes, they have the choice between not being able to afford the equipment or being spied on. They figure, well, at least we have equipment. It’s part of the bargain. It’s like, okay, we know that the Chinese will listen to us. That’s the reality. You know the whole Belt and Road Initiative. They know very well that it comes with a heavy price, but the Chinese are spending billions and billions of dollars on that, creating dependency, and everybody going into it knows it. But they’re saying, well, they’re giving us money and you aren’t. They take the money, and that’s part of the deal.

Shane Tews: Can we talk about the Five Eyes and what’s going on there, our concerns about the UK and Europe in general?

Roger Entner: Well, the Five Eyes is the most trusted intelligence network in the world: the US, Canada, the UK, Australia, and New Zealand. And they share more intelligence with each other than anybody else. But that all relies on secure communications. And if the communications of at least one, if not more of them, is compromised, then you would be foolish to share the same level of communications anymore because you don’t want to share it with an adversary or a potential adversary. So American authorities told both the UK and the Germans that if they use Chinese equipment, the US thinks that the Chinese can listen in. So the US will only share the kind of intelligence that it doesn’t mind the Chinese knowing, too. And that’s not much. So it basically means that if the UK actually deploys Huawei equipment, then one of the Five Eyes goes blind, because Canada, Australia, New Zealand, and the US either have issued a formal ban or a de facto ban on Huawei equipment for exactly that reason. And if one steps out of line, then there are four eyes and not five. It’s a loss for everybody.